Finish coverage for sign_metadata() and generate_targets_metadata()

Vladimir Diaz 2016-08-17 09:55:25 -04:00
parent abbda071a1
commit 6797db9d25
3 changed files with 30 additions and 30 deletions


@ -519,6 +519,12 @@ def test_generate_targets_metadata(self):
self.assertTrue(len(list_targets_directory) + 1,
len(new_list_targets_directory))
# Verify that an exception is not raised if the target files already exist.
repo_lib.generate_targets_metadata(targets_directory, target_files,
version, expiration_date, delegations,
write_consistent_targets=True)
# Verify that 'targets_metadata' contains a 'custom' entry (optional)
# for 'file.txt'.
self.assertTrue('custom' in targets_metadata['targets']['file.txt'])
@ -658,20 +664,22 @@ def test_sign_metadata(self):
'keystore')
root_filename = os.path.join(metadata_path, 'root.json')
root_metadata = tuf.util.load_json_file(root_filename)['signed']
targets_filename = os.path.join(metadata_path, 'targets.json')
targets_metadata = tuf.util.load_json_file(targets_filename)['signed']
tuf.keydb.create_keydb_from_root_metadata(root_metadata)
tuf.roledb.create_roledb_from_root_metadata(root_metadata)
root_keyids = tuf.roledb.get_role_keyids('root')
targets_keyids = tuf.roledb.get_role_keyids('targets')
root_private_keypath = os.path.join(keystore_path, 'root_key')
root_private_key = \
repo_lib.import_rsa_privatekey_from_file(root_private_keypath, 'password')
# Sign with a valid, but not a threshold, key.
targets_private_keypath = os.path.join(keystore_path, 'targets_key')
targets_private_key = \
repo_lib.import_ed25519_privatekey_from_file(targets_private_keypath,
'password')
targets_public_keypath = os.path.join(keystore_path, 'targets_key.pub')
targets_public_key = \
repo_lib.import_ed25519_publickey_from_file(targets_public_keypath)
# sign_metadata() expects the private key 'root_metadata' to be in
# 'tuf.keydb'. Remove any public keys that may be loaded before
@ -679,19 +687,18 @@ def test_sign_metadata(self):
# raised.
tuf.keydb.remove_key(root_private_key['keyid'])
tuf.keydb.add_key(root_private_key)
tuf.keydb.remove_key(targets_private_key['keyid'])
tuf.keydb.add_key(targets_private_key)
tuf.keydb.remove_key(targets_public_key['keyid'])
tuf.keydb.add_key(targets_public_key)
root_keyids.extend(tuf.roledb.get_role_keyids('targets'))
# Add the snapshot's public key (to test whether non-root keys are
# ignored by sign_metadata()). Also add an invalid keyid to 'root_keyids',
# which sign_metadata() is expected to ignore.
root_keyids.extend(tuf.roledb.get_role_keyids('snapshot'))
# Verify that a valid root signable is generated.
root_signable = repo_lib.sign_metadata(root_metadata, root_keyids,
root_filename)
self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(root_signable))
# Test for an unset private key (in this case, target's).
repo_lib.sign_metadata(targets_metadata, targets_keyids,
targets_filename)
# Add an invalid keytype to one of the root keys.
root_keyid = root_keyids[0]
tuf.keydb._keydb_dict['default'][root_keyid]['keytype'] = 'bad_keytype'
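Review bot: The new call `repo_lib.sign_metadata(targets_metadata, targets_keyids, targets_filename)` under "Test for an unset private key" discards its result, so the test passes whatever sign_metadata() does with a key that has only its public part loaded. The property worth pinning for signing code is that no signature entry is produced for such a key. Assuming skipping is the intended behaviour, bind the result with `targets_signable = repo_lib.sign_metadata(targets_metadata, targets_keyids, targets_filename)` and add `self.assertEqual([], targets_signable['signatures'])`. test_sign_metadata starts before and continues after the hunks shown here.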


@ -986,7 +986,8 @@ def make_signable(object):
"""
if not isinstance(object, dict) or 'signed' not in object:
return { 'signed' : object, 'signatures' : [] }
return {'signed': object, 'signatures': []}
else:
return object


@ -1553,9 +1553,9 @@ def generate_targets_metadata(targets_directory, target_files, version,
# Ensure all target files listed in 'target_files' exist. If just one of
# these files does not exist, raise an exception.
if not os.path.exists(target_path):
message = repr(target_path) + ' cannot be read. Unable to generate ' +\
'targets metadata.'
raise tuf.Error(message)
raise tuf.Error(repr(target_path) + ' cannot be read.'
' Unable to generate targets metadata.')
# Add 'custom' if it has been provided. Custom data about the target is
# optional and will only be included in metadata (i.e., a 'custom' field in
@ -1577,7 +1577,10 @@ def generate_targets_metadata(targets_directory, target_files, version,
if not os.path.exists(digest_target):
logger.warning('Hard linking target file to ' + repr(digest_target))
os.link(target_path, digest_target)
else:
logger.debug(repr(digest_target) + ' already exists.')
# Generate the targets metadata object.
targets_metadata = tuf.formats.TargetsFile.make_metadata(version,
expiration_date,
@ -1811,23 +1814,12 @@ def sign_metadata(metadata_object, keyids, filename):
# keyid of 'keyids'.
signable = tuf.formats.make_signable(metadata_object)
# Sign the metadata with each keyid in 'keyids'.
# Sign the metadata with each keyid in 'keyids'. 'signable' should have
# zero signatures (metadata_object contained none).
for keyid in keyids:
# Load the signing key.
key = tuf.keydb.get_key(keyid)
# TODO logger.info('Signing ' + repr(filename) + ' with ' + key['keyid'])
# Create a new signature list. If 'keyid' is encountered, do not add it
# to the new list.
signatures = []
for signature in signable['signatures']:
if not keyid == signature['keyid']:
signatures.append(signature)
else:
continue
signable['signatures'] = signatures
# Generate the signature using the appropriate signing method.
if key['keytype'] in SUPPORTED_KEY_TYPES:
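Review bot: The rewritten comment in sign_metadata() says 'signable' should have zero signatures, but nothing visible enforces that now that the per-keyid filtering of `signable['signatures']` appears to have been dropped. `tuf.formats.make_signable()`, shown in this same commit, returns any dict that already has a 'signed' key unchanged, so an already-signed signable or a `keyids` list with a repeated keyid could yield more than one signature entry for the same keyid. That matters if any consumer counts entries toward a threshold. Consider checking the precondition up front, e.g. `if signable['signatures']: raise tuf.Error('metadata_object already contains signatures.')`, and stating it in the docstring. The loop body continues outside the hunk, so the place where signatures are appended is not visible here.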